Bigzizzzle Premium Member join:2005-01-27 Beverly Hills, CA
[Info] Enterprise IP Addressing Scheme
I work for a company that utilizes public IP (non-RFC 1918 address ranges) for internal networking.
Why would they design the network around that?
Is there justification for this address space abuse?
Printers, workstations etc. all using public routable address spaces owned by the company.
Has anyone ever seen this?

Abuse? As in, why is your home address public? Or why someone can find out who you are by your license plate?
There is no reason to use 1918 unless you do not have any IP to use, or think of it as building a sand castle and not a real one, since you'd need a real property for that...
Most companies use their real routable IP addressing.

BinkVillains... knock off all that evil join:2006-05-14 Colorado
to Bigzizzzle
This is commonplace in large companies--if you have the IPs, use them. That said, hoarding unrouted IPv4 addresses is popular nowadays.

cramer Premium Member join:2007-04-10 Raleigh, NC Westell 6100 Cisco PIX 501
to Bigzizzzle
I would call it "lame excuse" more than "justification" -- the most common reason claimed is "ease of network interconnects" (i.e. inter-company VPNs) (see also: "lame excuse"). Yes, there are lots of companies doing this. (USPS for one.) If you wanted to bitch about such misuses, you missed the boat over a decade ago. At this point, It. Does. Not. Matter. We're out of IPv4 address space; getting back the handful of (legacy) prefixes being used in this manner won't change that.

to Bigzizzzle
There are some valid reasons for using non-RFC-1918 IP version 4 addresses for internal networking. Following are some of those reasons.
* The internal network has been so huge that you cannot use RFC-1918 IP addresses for everything. In this case, you can only use RFC-1918 IP addresses for point-to-point networks, while hosts (such as routers' Loopback interfaces, servers, printers, PCs) have to use non-RFC-1918 IP addresses.
* There are overlapping IP schemes within the internal network when you try to use RFC-1918 IP addresses for everything. This case usually applies when two companies are merging or one company acquires other companies, so that the IP scheme overhaul usually results in using non-RFC-1918 IP addresses for hosts.
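
The overlap case from the post above (two merging companies both numbered out of RFC 1918 space), as an added example that is not part of the thread: a Python check of two address plans for colliding prefixes, which also lists the non-RFC 1918 prefixes in internal use. The plans and function names are constructed for illustration; 198.51.100.0/24 is a documentation range standing in for company-owned public space.

```python
import ipaddress

# The three private blocks defined by RFC 1918. An explicit list is used
# because ipaddress's is_private also covers other special-purpose ranges
# (loopback, link-local, documentation), which is broader than RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(prefix):
    """True when the whole IPv4 prefix sits inside one RFC 1918 block."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(block) for block in RFC1918)

def find_overlaps(plan_a, plan_b):
    """Return (a, b) prefix pairs that share at least one address."""
    nets_a = [ipaddress.ip_network(p) for p in plan_a]
    nets_b = [ipaddress.ip_network(p) for p in plan_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]

def merger_report(plan_a, plan_b):
    """Summarise what has to change before the two networks are joined."""
    overlaps = find_overlaps(plan_a, plan_b)
    colliding = sorted({p for pair in overlaps for p in pair})
    public = sorted(p for p in set(plan_a) | set(plan_b) if not is_rfc1918(p))
    return {
        "overlaps": overlaps,                # ambiguous once the networks route to each other
        "must_renumber_or_nat": colliding,   # prefixes involved in any collision
        "public_internal": public,           # non-RFC 1918 space used internally
    }

# Constructed sample address plans (not from the thread).
PLAN_A = ["10.0.0.0/16", "10.20.0.0/16", "198.51.100.0/24"]
PLAN_B = ["10.0.128.0/17", "192.168.10.0/24", "10.20.0.0/16"]

if __name__ == "__main__":
    for key, value in merger_report(PLAN_A, PLAN_B).items():
        print(key, value)
```

The prefix from public space never collides with the other company's plan, which is the property the post relies on.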
1 recommendation
to Bigzizzzle
And to add to this... IPv6 would have no shortage for quite a while, so no one would be using private addressing/NAT.

tunerX
Member
2012-Oct-8 10:09 am
NAT has an inherent security feature that eliminates visibility into a local network's addressing schema.

RyanG1 Premium Member join:2002-02-10 San Antonio, TX
2012-Oct-8 12:54 pm
So do access-lists.

lol, so does ip route x.x.x.x x.x.x.x null0
bitbucket!

Bigzizzzle Premium Member join:2005-01-27 Beverly Hills, CA
to RyanG1
Thanks for the feedback, it just rubbed me different when I saw this. Keep pushing those packets.

The company I work for uses publicly routable IPs for almost everything. They also use 10.0.0.0/8 for select other equipment, but not much.
The university I went to used all public IPs too. If they have the addresses, they use them and most of their networks were established before NAT was popular.

to Bigzizzzle
said by Bigzizzzle:
Why would they design the network around that?

Politics trumping Best Practices? Otherwise, they're just that sure of their security. Otherwise, all the other comments so far are valid as well.
My old employer did this (IBM 9's network). My current employer does this as well. Whether I could hit my laptop's IP address from the Internet, well... never got the chance to test this theory.
Regards

You won't get a chance to do so from the network perspective; however, what makes this work on any network is the trojan installed on the CEO's PC that tells the thief about his US offshore accounts, passwords to his VIP Pr0n store, etc... All of those have nothing to do with NAT/PAT...

Wily_One Premium Member join:2002-11-24 San Jose, CA
to HELLFIRE
I'd imagine most of the big companies that do this, do it because of legacy reasons (e.g. "because we've always done it like this").
But that said, now that the pool of available IPv4 address space has been exhausted, the RIRs like ARIN are cracking down on companies with existing allocations which are not, in fact, using them. So some companies will look at it as a use-it-or-lose-it proposition.

1 recommendation
to Bigzizzzle
ADP is one company that's known for pissing away public IPs like this.

to Bigzizzzle
lol
Ok. So in the early 80s you had a company and bought a /8 network and AS numbers to go with it...
So now, let's use RFC1918 because somehow we think NAT is our security?